Setting Up the Source Active Directory Synchronization Account
This section describes how to set the required permissions for the Source Active Directory Synchronization Account. This account is used by the Directory Synchronization Agent (DSA) to access the source Active Directory domain.
The required privilege level for the Source Active Directory Synchronization Account is membership in the Domain Admins group of the source domain.
Caution: If for some reason you cannot grant such privileges to the Source Active Directory Synchronization Account, then refer to the System Requirements and Access Rights document for the list of minimal required permissions.
To grant the necessary permission to the Source Active Directory Synchronization Account, perform the following:
- On the source domain controller in the Active Directory Users and Computers snap-in, click Users, then in the right pane right-click Domain Admins and click Properties.
- Go to the Members tab, click Add and select the Source Active Directory Synchronization Account.
- Close the dialog boxes by clicking OK.
Setting Up the Source Exchange Account
This section describes how to set the required permissions for the Source Exchange Account used by Migration Manager for Exchange agents. This account is used for the following:
- Working with source Exchange mailboxes and public folders (used by Migration Agent for Exchange, Public Folder Source Agent and Public Folder Target Agent)
- Moving mailboxes
Mailbox and Calendar Synchronizations
The following permissions are required for the source Exchange account used by Migration Agent for Exchange during mailbox or calendar synchronization:
TIP: The Read permission for the Microsoft Exchange container is required only if you plan to add the source Exchange organization using the Add Source Organization Wizard under this account.
To set up the Source Exchange Account, perform the steps described in the related subtopics.
NOTE: The steps are given only as an example of a possible Source Exchange Account setup.
Public Folder Synchronization
The following permissions are required for the source Exchange account used by PFSA and PFTA during public folder synchronization:
- Membership in the local Administrators group on all source Exchange servers involved in the migration. If a server is a domain controller, the account should be added to the domain local Administrators group of the domain.
- The Mail Enabled Public Folders management role
- Permissions to process public folders involved in the migration by granting Full Control permission on mailbox databases where those public folders reside.
- Permission to log on to the public folder administrator mailbox by granting Full Control on it.
Note: The Exchange account used for public folder synchronization must be mailbox-enabled to be able to obtain the source public folder hierarchy.
To set up the Source Exchange Account, perform the steps described in the related subtopics.
NOTE: The steps are given only as an example of a possible Source Exchange Account setup.
Changing the Default Exchange Account
To continue using the default Exchange Account for Exchange migration, grant the permissions required for Exchange migration to this account (see the next steps).
Granting Read Access to Active Directory Domain
To grant this permission to an account, complete the following steps:
1. In the Active Directory Users and Computers snap-in, right-click the domain name, and then click Properties.
2. On the Security tab, click Add and select the account.
3. Select the account, and then check the Allow box for the Read permission in the Permissions box.
4. Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified on step 2, and click Edit.
5. In the Permission Entry dialog box, select This object and all descendant (child) objects from the Apply to drop-down list.
6. Close the dialog boxes by clicking OK.
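The same grant can be scripted and then checked, which also shows exactly which access control entries the account holds on the domain object. The following PowerShell is an added example, not part of the vendor documentation; it assumes the RSAT ActiveDirectory module is available, and the account name `svc-exch-src` is a hypothetical placeholder.

```powershell
# Added example, not vendor code. Assumes the RSAT ActiveDirectory module and a
# session that is allowed to edit the domain object's ACL.
Import-Module ActiveDirectory

$accountName = 'svc-exch-src'   # hypothetical name for the Source Exchange Account
$sid    = (Get-ADUser -Identity $accountName).SID
$adPath = "AD:\$((Get-ADDomain).DistinguishedName)"

# GenericRead is used here as the scripted counterpart of the "Read" check box;
# All corresponds to "This object and all descendant (child) objects".
$read  = [System.DirectoryServices.ActiveDirectoryRights]::GenericRead
$all   = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
$allow = [System.Security.AccessControl.AccessControlType]::Allow

function Get-AccountAce {
    # Explicit (non-inherited) ACEs on the domain object for the given SID.
    param([string]$Path, [System.Security.Principal.SecurityIdentifier]$Sid)
    (Get-Acl -Path $Path).GetAccessRules($true, $false,
        [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $Sid.Value }
}

function Test-ReadAce {
    # True for an Allow ACE that covers GenericRead on every attribute and
    # is inherited by all descendant objects.
    param($Ace, $Rights, $Inheritance)
    $Ace.AccessControlType -eq 'Allow' -and
    ($Ace.ActiveDirectoryRights -band $Rights) -eq $Rights -and
    $Ace.ObjectType -eq [guid]::Empty -and
    $Ace.InheritanceType -eq $Inheritance
}

# Add the ACE only when it is missing, so the script can be re-run safely.
$existing = @(Get-AccountAce -Path $adPath -Sid $sid)
if (-not ($existing | Where-Object { Test-ReadAce $_ $read $all })) {
    $acl  = Get-Acl -Path $adPath
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule `
        -ArgumentList $sid, $read, $allow, $all
    $acl.AddAccessRule($rule)
    Set-Acl -Path $adPath -AclObject $acl
}

# Review what the account now holds on the domain object. BeyondRead = True
# marks an ACE carrying rights that this procedure does not grant.
Get-AccountAce -Path $adPath -Sid $sid |
    Select-Object AccessControlType, ActiveDirectoryRights, InheritanceType,
        @{ n = 'BeyondRead'; e = { ([int]$_.ActiveDirectoryRights -band (-bnot [int]$read)) -ne 0 } }
```

The final listing covers only entries set directly on the domain object for this account; rights obtained through group membership do not appear in it.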